10 Credential-Stealing Python Libraries Found on PyPI Repository


The Python Package Index (PyPI) has removed 10 modules that were capable of harvesting sensitive data such as passwords and API tokens, marking yet another incident of harmful packages infiltrating open-source code repositories.

The revelation adds to a growing number of recent instances in which threat actors have distributed malware on well-known software repositories like PyPI and Node Package Manager (NPM) in an effort to disrupt the software supply chain.